Description

If too few arguments are sent to a function, the function will still pop the expected number of arguments from the stack. Potentially, a variable number of arguments could be exhausted in a function as well.

Consequences

Authorization: There is the potential for arbitrary code execution with privileges of the vulnerable program if the function parameter list is exhausted.

Availability: Potentially a program could fail if it needs more arguments then are available.

Exposure period

Implementation: This is a simple logical flaw created at implementation time.

Platform

Languages: C or C++

Operating platforms: Any

Required resources

Any

Severity

High

Likelihood of exploit

High

This issue can be simply combated with the use of proper build process.

Risk Factors

Talk about the factors that make this vulnerability likely or unlikely to actually happen

Discuss the technical impact of a successful exploit of this vulnerability

Implementation: Forward declare all functions. This is the recommended solution. Properly forward declaration of all used functions will result in a compiler error if too few arguments are sent to a function.